No icons or taskbar?

THE SYSTEM: XP Home SP2 on Dell Dimension 8100 1.5 gHz 256k, a junkyard pickup last used three years ago. System was an upgrade from ME and came with no disk. 40g HD full of movies.

THE PROBLEM: Hardware reports FD seek failure, otherwise comes up normally to a blank XP desktop -- NO ICONS, NO TASKBAR. No explorer task is running. Using task manager to start explorer gets icons and taskbar; operation then is normal except occasional freezeup that can be broken only with power button. Running in diagnostic mode (non-essential tasks turned off) is same.

DIAGNOSIS: A virus prevents explorer.exe (which is the WIN shell and displays icons and taskbar) from starting normally but there is a working copy of explorer in the proper place -- c:\windows.

WHAT I'VE DONE: Run malwarebytes, superantispyware, and latest MS malicious software removal tool. Both of the first two found >100 tracking cookies plus a couple of copies of malware called GENERAL something -- didn't write it down. MS MRT (run after) found nothing. Removed all installed programs I didn't need -- games, lots of movie/video stuff, comcast, AOHell, the movies. Ran CCleaner which deleted another 3.5 gB of stuff (!) and found and fixed 546 registry issues.

Downloaded/ran Kelly's Corner #195 fix for no icons/taskbar: Ran fine but no effect.

Looked in root, WINDOWS, and the two SYSTEM folders for suspicious files with recent dates and obvious bogus copies of explorer; found only a couple of claimed movies in an unfamiliar format in SYSTEM32 and removed same.

WHAT WOULD HELP: 1. Theory/internals info that would help me figure out what to look at/do next. 2. Ideas about what to try.


Assignment complete, with interesting results. I enabled the guest account, logged off as 'James,' and logged on as guest. I got an error message:

"Access denied error message was returned while attempting to change a service. You may need to log on an Administrator account to make specific changes." Typical of a virus, right? ****** stuff and give it protected status so you can't easily fix it.

Same blank windows background and using TM to start Explorer worked as always.

THEN I logged off guest and logged back on as 'James.' NO error message (James is an administrator), the whole screen was there, and my monitor was set to 1152 x whatever -- it's only capable of 1024 x ... so that didn't look too good. Aside from that, EVERYTHING SHOWED UP CORRECTLY, no need to open TM and manually start Explorer.

That suggests that the trouble is caused in preferences that are reset when switching users.

THEN, with great hopes, I restarted the machine. It came back up to a blank screen, fixable with TM.

Which (I think) says that it's not just corrupt data: There's malware somewhere that's corrupting the data, most likely during shutdown.

Any further thoughts?

256k of memory ... shoot, I THOUGHT the thing could go faster than four hours to boot. No ... I guess I meant 256MEG. Still minimal, of course, but I don't usually bother with upping memory (etc.) until a machine is actually ready for use.

I actually spent a number of years working on a machine with 256K of memory ... it cost us most of a million bucks to buy a 512k upgrade. This was an IBM System 370 Model 148, and would have been in the 1970's. I could REALLY reveal my age by telling about the first computer I used ... relays at 15 OPERATIONS per second. Plugboard programmed ...

But you can run one or two bootable antivirus disks to see if you find them and if removing them helps. If it works, you're lucky.

Otherwise, apart from installing Linux, the best you can do is first run Belarc to find the XP license code, then find a Windows XP SP2 installation CD and see if it happens to accept that license. Then download the full 500 MB SP3 update and run that. Then let Windows update do its thing, and you might have a PC that might be useful if you add RAM and accept it has a too slow CPU.

It wouldn't harm to use a driver backup program to back up the drivers used now. That's easier than hunting for them on the net.

Another thing is I noticed something about fixing registry errors. Stop using any and all registry programs immediately if not sooner. Best case scenario those programs do absolutely nothing beneficial, but all too often they create problems rather than fix them. The only kind of maintenance the registry needs is taken care of automatically either by Windows itself, the uninstall program for any given program or AV/malware programs when removing some unwanted pest. You the user need to just stay as far away from the registry as you can unless you have a very specific reason to go spelunking in there. Those times will be very few and far between. Until such a time arrives, if someone says registry you should think gift registry or a book you sign at some event, but most definitely NOT anything to do with the Windows registry.

Other things have been front burner for the last couple of days -- another computer to get working for daily use (Dimension 2400 2.66 mHz, 1gB, XP) and raking leaves for starters. However on the original subject: After another of the occasional hard freezes of the machine with the blank screen on startup I decided to do what I should have done in the first hour: Run a memory test. Sure enough, while there isn't a hard failure (failure on every pass) if you run the test for a while it WILL fail. I'm guessing some bit patterns are okay and some are not. New memory is on order.

I don't know if memory could cause the blank screen problem or not, but there's no point in looking for any specific problem on a computer with memory errors.

I did get one more possible clue if this requires further troubleshooting: ONE time, while I was doing memory testing, I restarted and there was just a flicker of a command prompt screen with the message "Unable to locate explorer.exe or one of its components ..." I THINK ... It was a fraction of a second and basically it was only retinal persistence that lets me say anything about the message but I did read the first 'explo' of the command name and enough of the rest to be pretty sure.

Explorer.exe IS IN the right place on the HD, so this has to be a search failure. I don't know enough win XP architecture to say for sure but it wouldn't surprise me if the programs required to start explorer were in real memory and always at the same addresses, so if some locations were sick ...

I agree with you, Jimmy, about messing around in the registry. I can count the times I've done it on my thumbs, I think. I will run anyone's 'look for registry errors' program and I have used CCleaner to do some tidying up there, because I've done so hundreds of times without any problem. But looking for the latest 'we fix more registry errors than anyone else' program is not my thing. Nor are methods for fixing this or that that begin with 'open REGEDIT and ...'

As to whether a 1.5 gHz machine is too slow, define 'slow.' I know people who spend whole days using a stick with a piece of metal on the end to move a white sphere here and there on grass. This seems to me to be a remarkably slow way to do this and anyway, why is it worth doing? I can rake leaves for 30 minutes and get more exercise and still go have a drink afterwards ...

I guess golf and old computers are matters of taste. I have a Gateway 2000 that was blindingly fast when we bought it more than 15 years ago -- it has a 32 mHz cpu and runs WIN 3.1, I think. Then there's a GX-240 1.7 gHz machine that really IS snappy, running Win98SE with some chunks of ME added on. THAT is the quickest machine around here. I still don't have the sound system working -- it's been an Easter egg hunt for drivers, although most are available from Dell.

I don't know if I've said 'thanks' for the suggestions posted here so just in case: THANK YOU. I'll update again when there's more data.

New memory installed -- 1gB which is the max for this machine. I got the latest BIOS called XP2 and flashed the machine; this is four levels farther on from A06 as received. The noticeable difference is that F12 and F8 now work reliably during boot. Overhauled the dead floppy drive -- like most of them the only problem was dirt. Clean head with alcohol & dry swab, vacuum/brush out dirt, swab the lead screw that moves the heads with WD-40 and it now works fine. You ever watch one of those things format a disk with the cover off?

I ran hitman pro; it found nothing. Then started up malwarebytes again for a full scan; at about 15 minutes it got two hits and promptly hard-froze the machine. Pulled the HD and slaved it on a working machine; it ran over two hours, finished without finding anything.

I'll return the HD to its own machine and start up mbam again while I watch it; maybe I can stop it before the freeze? Unfortunately the log file isn't written until the program exits so there was nothing there after the two hits and freeze run.

Virtually every time I've done serious anti-malware work on this machine I've found programs freezing, things that wouldn't run. The first time I looked at restoring from a checkpoint there were several; the next time I looked they were all gone. I still think malware -- maybe a rootkit? The kid who owned it (and tossed it out) didn't practice what I'd call safe surfing.

I'm sure nobody here would throw away a working personal hard drive but everyone else does. I've had several junkyard machines and every one had personal information on it. Yes, I destroy all that with a very effective tool and then (generally) install a new OS but geezz ...

Yeah, it's a hobby. I drive jun..., I mean, OLDER cars, too.

I like the Dell machines. While the cabinet construction is cheap (all those pop rivets!) a LOT of attention has gone to serviceability. Everything is easy to do, lots of attention to avoiding the avoidable, like having pull tabs on all the ribbon cable plugs so you aren't tempted to pull on the cable. Their website has all the drivers and you even can FIND them. I don't buy new computers but my wife does and there could be a Dell in her future.

In continued battering at the thing with Superantispyware and Malwarebytes I found that userinit.exe (residing in WINDOWS/SYSTEM32) was marked 'suspicious.' I Googled 'userinit virus' and sure enough, this module is a frequent virus target. This was a useful page:

It's basically crowd sourcing of 'is userinit.exe a virus or not' -- a stupid question since the only right answer is "might be," but while 98% of the comments are either 'yes!' or 'no!' (= useless) a very few others provided valuable education.

'userinit.exe' runs as the user is being logged on; it is responsible for establishing a network connection and -- yes -- for starting explorer.exe to display the desktop. After it finishes work, it exits: It should NOT be there once initialization of the user is complete. This makes it an ideal virus target since it can easily be replaced with one modified to do interesting things including starting other permanent processes to collect keystrokes, passwords, etc. and is able to phone home with data it has collected.

Some victims have found that userinit stays running, others (me) found it gone at the right time. However I found that while other Microsoft modules identify themselves as Microsoft with proper creation dates when you mouse over them, my userinit.exe did not -- it looked like any application. Displaying properties gave a VERY different picture for the active copy (in SYSTEM32) compared to copies in software distribution folders on that machine and another WinXP HE machine.

Further hint: When I renamed the bad file and started to copy the good one over, COPY wanted to know if I wanted to replace the file? Huh? I just renamed it -- there ISN'T one ... oh ... wait ... there IS one. Somebody was providing a new bad file pretty darn fast after I get rid of the old one. Just for fun I did the rename-attempt to copy thing a couple more times and wound up with files of type exx, exy, exz, and STILL an exe.

There are various ways to deal with that: I did the simplest first: Said 'yes -- replace it.' That SEEMS to have worked -- I've restarted a few times since then and the icons and task bar are always there. There's likely still malware on the machine because some running task had to be doing the file copies and the various other on-the-fly anti-fixup actions like killing the various anti-malware programs. But hopefully with 'userinit' out of the enemy camp none of the other stuff will be started.

Next job is to run all the anti-malware programs again, full scan where there are options, and dispose of as many as possible of the remaining dead bodies.

In resistant cases of 'no icons and no taskbar,' when simpler things have been tried, checking out userinit.exe in SYSTEM32 would be wise. Easy checks include mousing over and looking for a Microsoft signature, comparing created and modified dates (these should be same as for other files of the same OS version installed at the same time) and comparing the results of a search with the windows explorer display for the folder(s): Win explorer maps many non-displayable characters to displayable ones so you will see files with trick characters in the name that WON'T be found by a search. Others have identified a bogus 'userinit' by its very different file size (should be 24-26k for WinXP SP2) but mine was the right size.

A restore to an earlier checkpoint probably would work if you can do it, but I found that my attempt failed and when I tried again there WERE NO earlier checkpoints. I don't know if a System File Check (do I have that name right?) would work; depends on whether the virus can get in the way or not. The same would be true of the system repair using the install/restore disk. Obviously a wipe and re-install would do it.

Thanks again for the various hints that helped me get started on this!

I've continued reading professional-caliber remove-that-virus web sites and running new tools. Last night I found that except for those I've already replaced, the files for all the running Windows processes have invalid MD5 hash codes, meaning they've been tampered with. Moreover they all have a 'last changed' date that is just a couple days after I first booted the machine up and a few dozen OTHER Windows files share that date and time.

The files I've fixed so far (by manually replacing with a valid one) all had the 'if you delete it we'll put it back instantly' characteristic so there's still a running task looking after its gang. No wonder the machine is slow: It has to be watching for a bunch of files to be changed.

I'll bet that I can find the archive of bad files.

This is a large and fairly complex virus. I wonder if it does anything beside make your machine close to unusable? Here's the list of symptoms I started with:

1. No icons or task bar -- fixed now.

2. Screen is 'smeary' but correct driver is loaded and it looks fine until user logs on.

3. Machine hard freezes at random times when running malware removal programs. Malwarebytes still hasn't run all the way. I have run about half a dozen removal programs, though, some do complete, and I have removed several things that might have been part of this. (As well as a couple hundred tracking cookies and similar trashware.)

4. Memory errors? I can't help wondering if the memory test program wasn't attacked and maybe the memory I replaced was perfectly okay? I could confirm that with the Dell stand-alone tests but I think it's better right now to march along replacing sick files.

This is a pretty well done virus: I've removed several parts and it's still doing most of what it did the first day. Its only major soft spot is that it doesn't patch the hashcodes and change dates.

I wonder how all those files got changed at the same date and time AFTER I started the machine up again, post trash dump? It didn't have Internet access then.

I see why experts say no machine with serious malware can ever be 100% trusted again without a wipe and new install. I think I'll eventually clear all the symptoms but who knows what might still be there someplace?
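
The checks described in the last two posts (compare each system file with a trusted copy, look for names that only display like the real one, and look for a batch of files sharing one change time) can be scripted when the drive is slaved to a clean machine. This is an added example, not part of the original posts; the function names and the sample tree are constructed for illustration, and SHA-256 is used in place of the MD5 the post mentions.

```python
import hashlib
import os
import tempfile
import unicodedata
from collections import defaultdict
from pathlib import Path

def sha256_of(path):
    """Digest of the file's content; a same-size replacement still changes it."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def skeleton(name):
    """Lowercased name with control, space and zero-width characters dropped.
    Does not catch cross-script homoglyphs."""
    folded = unicodedata.normalize("NFKD", name).lower()
    return "".join(c for c in folded if c.isascii() and (c.isalnum() or c == "."))

def audit(suspect_dir, reference_dir, cluster_min=3):
    """Return (mismatched, lookalikes, clusters) for suspect_dir vs trusted copies."""
    reference = {p.name.lower(): sha256_of(p)
                 for p in Path(reference_dir).iterdir() if p.is_file()}
    ref_skeletons = {skeleton(n) for n in reference}
    mismatched, lookalikes, by_mtime = [], [], defaultdict(list)
    for p in sorted(q for q in Path(suspect_dir).iterdir() if q.is_file()):
        by_mtime[int(p.stat().st_mtime)].append(p.name)
        if p.name.lower() in reference:
            if sha256_of(p) != reference[p.name.lower()]:
                mismatched.append(p.name)      # same name, different content
        elif skeleton(p.name) in ref_skeletons:
            lookalikes.append(p.name)          # displays like a system file, is not one
    clusters = {t: n for t, n in by_mtime.items() if len(n) >= cluster_min}
    return mismatched, lookalikes, clusters

def build_constructed_sample(root):
    """Constructed tree (not real binaries): two tampered files and one lookalike."""
    ref, sus = Path(root, "reference"), Path(root, "system32")
    ref.mkdir()
    sus.mkdir()
    stamp = 1_300_000_000  # modification time shared by the tampered files
    for name in ("userinit.exe", "explorer.exe", "winlogon.exe"):
        (ref / name).write_text("good-" + name)
    suspect = {"userinit.exe": ("bad1", stamp), "explorer.exe": ("bad2", stamp),
               "userinit\x7f.exe": ("bad3", stamp),  # DEL: a non-displayable character
               "winlogon.exe": ("good-winlogon.exe", stamp - 1000),
               "notepad.exe": ("other", stamp - 2000)}
    for name, (body, mtime) in suspect.items():
        (sus / name).write_text(body)
        os.utime(sus / name, (mtime, mtime))
    return sus, ref

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_constructed_sample(tmp)))
```

The reference copies have to come from media or a machine that was never exposed to the suspect system, and the comparison is only meaningful when run from a clean OS, since the posts describe files being put back while the infected system is running.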
